
Date:  Thu, 16 Aug 2007 11:01:00 -0600
From:  "Rodrigo Ordonez Licona" <rodrigo (at mark) xnet.com.mx>
Subject:  [coba-e:10603] Re: FTP Issues
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARDhjVlX2aEuqbKE5moo4BsKAAAAQAAAAuFJA2soC6EOFQ6o+Ed1nTwEAAAAA (at mark) xnet.com.mx>
In-Reply-To:  <006801c7dffd$7966ab00$3701a8c0@user33b5201c50>
X-Mail-Count: 10603

We had such an attack a few weeks ago,

It was some script flooding with pop authentications. 

Knocked out FTP and POP Service (definitely pam related). 

Dbrecover had to be run to get service back.

There is a protection for this: just limit the POP logins per minute per IP.
Just waiting for its release by Solarspeed.

Regards

Rodrigo O
Xnet

-----Original Message-----
From: Arthur Sherman [mailto:arturs (at mark) netvision.net.il] 
Sent: Thursday, 16 August 2007 06:04 a.m.
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:10597] Re: FTP Issues

No, Rodrigo, I don't.
I am talking about an attack which affects FTP as well.

AFAIK, both mail & ftp need PAM to authorise.
If an attack on mail succeeds in affecting PAM, all services that rely on it are
in trouble.

I think people were talking about something similar about 2 weeks ago.

Best,

--
Arthur Sherman

> You might be confusing swatch with an attack,
> 
> "swatch" (I think that is system watch) does access FTP every
> 15 minutes to check whether FTP, SMTP, and other services are alive
> and reports them to the GUI and through mail if it finds a problem.
> 
> On the log you see a simple log in and log out
> 
> HTH
> 
> Rodrigo O
> 
> -----Original Message-----
> From: Arthur Sherman [mailto:arturs (at mark) netvision.net.il]
> Sent: Tuesday, 14 August 2007 04:53 p.m.
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:10583] Re: FTP Issues
> 
> > Have a BQ server with the SolarSpeed load and just recently the FTP
> > appears to be being attacked, server ftp up then down every 15mins.
> > Anyone else have or had this issue?
> > Thank you
> > --
> > 
> > Richard C. Barker Sr.
> 
> I do.
> As far as I (and others on the List) have discovered, the attack 
> vector is on PAM, through mail actually.
> When PAM fails, FTP fails as well.
> 
> Though I am not 100% sure yet.
> 
> Best,
> 
> --
> Arthur Sherman
> 
> 
> 
>
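
Added example, not part of the thread and not the Solarspeed protection mentioned in it: a per-IP count of POP logins inside a one-minute window, computed over mail log lines, which is the kind of limit the top message describes. The log line shape, the threshold of 5 logins per 60 seconds, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape (not taken from the thread); adapt to the real daemon.
LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pop3d: LOGIN(?: FAILED)?, "
    r"user=\S+, ip=\[([0-9a-fA-F.:]+)\]"
)

def over_limit(lines, max_logins=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: time at which it first exceeded max_logins within window}."""
    recent = defaultdict(deque)      # ip -> login times still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # not a POP login line
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # expire attempts older than the window
            q.popleft()
        if len(q) > max_logins and ip not in flagged:
            flagged[ip] = ts         # candidate for blocking or throttling
    return flagged

def sample_log():
    """Constructed input: one flooding client and one 15-minute service check."""
    base = datetime(2007, 8, 16, 10, 0, 0)
    flood = [(base + timedelta(seconds=5 * i), "203.0.113.7", " FAILED")
             for i in range(8)]
    check = [(base + timedelta(minutes=15 * i), "198.51.100.20", "")
             for i in range(3)]
    return [f"{t:%b %d %H:%M:%S} bq pop3d: LOGIN{s}, user=test, ip=[{ip}]"
            for t, ip, s in sorted(flood + check)]

if __name__ == "__main__":
    for ip, when in over_limit(sample_log()).items():
        print(f"{ip} exceeded the POP login limit at {when}")
```

The client that logs in once every 15 minutes stays under the limit, so a periodic service check like the one described for swatch is not flagged.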